diff -up ntp-4.2.6p5/ntpd/ntp_proto.c.cve-2016-4955 ntp-4.2.6p5/ntpd/ntp_proto.c
--- ntp-4.2.6p5/ntpd/ntp_proto.c.cve-2016-4955 2016-05-26 15:39:53.706690269 +0200
+++ ntp-4.2.6p5/ntpd/ntp_proto.c 2016-05-26 15:39:36.000000000 +0200
@@ -1129,15 +1129,17 @@ receive(
report_event(PEVNT_AUTH, peer, "crypto_NAK");
peer->flash |= TEST5; /* bad auth */
peer->badauth++;
- if (peer->flags & FLAG_PREEMPT && hismode != MODE_BROADCAST &&
- !(peer->flash & (TEST2 | TEST3))) {
- unpeer(peer);
- return;
- }
+ if (hismode != MODE_BROADCAST &&
+ !(peer->flash & (TEST2 | TEST3))) {
+ if (peer->flags & FLAG_PREEMPT) {
+ unpeer(peer);
+ return;
+ }
#ifdef OPENSSL
- if (peer->crypto)
- peer_clear(peer, "AUTH");
+ if (peer->crypto)
+ peer_clear(peer, "AUTH");
#endif /* OPENSSL */
+ }
return;
/*
@@ -1156,15 +1158,17 @@ receive(
if (has_mac &&
(hismode == MODE_ACTIVE || hismode == MODE_PASSIVE))
fast_xmit(rbufp, MODE_ACTIVE, 0, restrict_mask);
- if (peer->flags & FLAG_PREEMPT && hismode != MODE_BROADCAST &&
- !(peer->flash & (TEST2 | TEST3))) {
- unpeer(peer);
- return;
- }
+ if (hismode != MODE_BROADCAST &&
+ !(peer->flash & (TEST2 | TEST3))) {
+ if (peer->flags & FLAG_PREEMPT) {
+ unpeer(peer);
+ return;
+ }
#ifdef OPENSSL
- if (peer->crypto)
- peer_clear(peer, "AUTH");
+ if (peer->crypto)
+ peer_clear(peer, "AUTH");
#endif /* OPENSSL */
+ }
return;
}